Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-0096HistoryMay 31, 2014 - 11:17 a.m.
CVE-2014-0096
2014-05-3111:17:00
Debian Security Bug Tracker
security-tracker.debian.org
17
0.001 Low
EPSS
Percentile
47.5%
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | tomcat7 | < 7.0.75-1 | tomcat7_7.0.75-1_all.deb |
| Debian | 9 | all | tomcat8 | < 8.5.54-0+deb9u1 | tomcat8_8.5.54-0+deb9u1_all.deb |
Related
prion
prion
Xxe
2014-05-31 11:17:00
osv
osv
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:18
tomcat7 - security update
2016-04-17 00:00:00
nessus
nessus
F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15428)
2014-12-03 00:00:00
Apache Tomcat 7.0.x < 7.0.53 Multiple Vulnerabilities
2015-03-02 00:00:00
RHEL 7 : tomcat (RHSA-2014:0827)
2014-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2014-0096
2014-05-31 00:00:00
github
github
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:18
cvelist
cvelist
CVE-2014-0096
2014-05-31 10:00:00
f5
f5
SOL15428 - Apache Tomcat vulnerability CVE-2014-0096
2014-07-17 00:00:00
K15428 : Apache Tomcat vulnerability CVE-2014-0096
2015-06-13 00:00:00
cve
cve
CVE-2014-0096
2014-05-31 11:17:13
nvd
nvd
CVE-2014-0096
2014-05-31 11:17:13
securityvulns
securityvulns
[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure
2014-05-29 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-05-29 00:00:00
veracode
veracode
XML External Entity (XXE)
2017-04-07 03:32:44
redhat
redhat
(RHSA-2014:0827) Moderate: tomcat security update
2014-07-02 00:00:00
kaspersky
kaspersky
KLA10072 Multiple vulnerabilities in Apache Tomcat
2014-03-30 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2014-05-23 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2014-07-30 00:00:00
threatpost
threatpost
Apache Patches Bugs in Tomcat
2014-05-30 12:31:25
oraclelinux
oraclelinux
tomcat security update
2014-07-23 00:00:00
tomcat6 security and bug fix update
2014-07-09 00:00:00
tomcat security update
2014-08-07 00:00:00
ibm
ibm
openvas
openvas
RedHat Update for tomcat RHSA-2014:0827-01
2014-07-07 00:00:00
Apache Tomcat Multiple Vulnerabilities (Nov 2014)
2014-11-28 00:00:00
Oracle: Security Advisory (ELSA-2014-0827)
2015-10-06 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.53
2014-03-30 00:00:00
Fixed in Apache Tomcat 8.0.5
2014-03-27 00:00:00
Fixed in Apache Tomcat 6.0.41
2014-05-23 00:00:00
mageia
mageia
Updated tomcat and tomcat6 packages fix security vulnerabilities
2014-06-20 00:30:12
fedora
fedora
[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21
2015-02-23 08:03:06
amazon
amazon
Medium: tomcat7
2015-05-14 14:38:00
Medium: tomcat8
2015-05-14 14:40:00
centos
centos
tomcat6 security update
2014-07-09 16:09:49
debian
debian
[SECURITY] [DSA 3552-1] tomcat7 security update
2016-04-17 18:44:26
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
symantec
symantec
SA100 : Apache Tomcat Vulnerabilities
2015-07-23 08:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00